Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14M20zLWc4dzYtbWYyOM0y-w
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.
Permalink: https://github.com/advisories/GHSA-x3m3-g8w6-mf28JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14M20zLWc4dzYtbWYyOM0y-w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 7.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Identifiers: GHSA-x3m3-g8w6-mf28, CVE-2022-27201
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-27201
- https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124
- http://www.openwall.com/lists/oss-security/2022/03/15/2
- https://github.com/advisories/GHSA-x3m3-g8w6-mf28
Affected Packages
maven:org.jenkins-ci.plugins:semantic-versioning-plugin
Affected Version Ranges: < 1.14Fixed in: 1.14